Security & Privacy

Pave is ISO/IEC 27001:2022 certified, demonstrating our adherence to rigorous international standards for information security. This certification underscores our dedication to systematically managing sensitive information and ensuring data integrity.

Pave is SOC 2 Type 1 compliant. This attestation verifies we have effective controls in place for financial reporting, ensuring the accuracy and reliability of financial data processed through our platform.

Pave is SOC 2 Type 2 compliant. This attestation verifies our systems are designed to keep customer data secure, available, and confidential over time, reflecting the our commitment to ongoing operational excellence.

Pave adheres to the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), ensuring data is processed lawfully, transparently, and securely. We work closely with clients to meet their compliance requirements under these regulations.

Pave does NOT use personally identifiable information (PII) in our Market Data products. These products only use aggregated and de-identified data.

Pave stores data in the United States, utilizing enterprise-grade cloud storage provided by Google Data Centers. We follow data storage best practices that comply with relevant regulations and industry standards.

Pave enforces the principle of “Least Privilege,” ensuring employees only have access to the data necessary for their roles. This approach minimizes the risk of unauthorized data exposure and maintains strict confidentiality.

Pave uses the most up to date Standard Contractual Clauses for transfers between customers and Pave, and between Pave and our subprocessors.